events {}

http {
     # Log warnings
     # TODO: Better path
     error_log /var/log/nginx.log warn;

     # No idea, but nginx refuses to start without it
     server_names_hash_bucket_size 64;

     # The redirection server
     server {
            listen 80 default_server;
            add_header Strict-Transport-Security "max-age=31536000" always;
            return 301 https://$host$request_uri;
     }

     # The actual webserver duties
     server {
            # server_name lateinicus;
            listen 443 ssl http2;
            add_header Strict-Transport-Security "max-age=31536000" always;

            # SSL configuration
            ssl_certificate     /etc/ssl/lateinicus.pem;
            ssl_certificate_key /etc/ssl/lateinicus.key;
            ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers         HIGH:!aNULL:!MD5;
            ssl_session_cache   shared:SSL:10m;
            ssl_session_timeout 10m;
            keepalive_timeout   70;

            # Enable gzip compression
            gzip on;
            gzip_min_length 256K;

            # Reverse Proxy
            location /api/ {
                     # Seems weird, but it is (Prevent /api/api/)
                     rewrite /api/(.*) /api/$1 break;
                     proxy_set_header Host $host;
                     proxy_set_header X-Real-IP $remote_addr;
                     proxy_pass http://128.1.0.3:8080;
            }

            # There probably is a better solution using wildcards
            location /app {
                     return 301 https://$host/app/;
            }

            # The web app
            location /app/ {
                     # CSS might not get the correct Content-Type header
                     include  /etc/nginx/mime.types;

                     root /srv/www;
                     # For react-router
                     try_files $uri /app/index.html;
                     index index.html;
            }
     }
}